Generic Security Infrastructure for Com Based Systems

1. A method of providing access control to perform a user requested operation during a session in a COM based computer application system having multiple users and servers, comprising: a security server validating a user to log in to the system for the session by verifying user entered authenticating parameters; a security server generating a single unique user security context number that represents the validated user for the session; storing the single unique user security context number; user requesting access to perform an operation on a server in the system during the session by passing the single unique user security context number; if access control information for the user is not in the server, then obtaining the access control information for the user; storing the access control information for the user security context in the security client's cache; and performing the user requested operation on the server during the session based on the access control information and the single unique user security context number; wherein the single unique user security context number, without exchanging itself for a different context number, allows access to data on multiple servers, or operations to be performed by multiple servers; when a server comes up first, its security agent registering with the security server passing the server name and machine name on which the server is executing, the security server upon validation of the server credentials, generating a unique server security context, the security server passing the unique server security context asynchronously to the server which is being registered, by creating a security monitor component whose ClassId is known and which is housed inside the server; passing a unique server security context number of the server to another server in the system to perform another operation, when the user requested operation requires performing further operation on the other server; checking if the access control information for the first server is present in the local cache of the security agent, if not present fetching it from the security server; the security agent validating the request to use the other server by checking the access control information for the passed in server security context, verifying the passed unique server security context number against the stored access control information of the server in the other server; granting full permission to all server security context, thereby making the further security check faster; performing the other requested operation on the other server based on the outcome of validating the request to use the other server during the session; and repeating the passing, validating, and performing steps when the user requested operation further requires using other servers in the system during the session until the user logs off from the session.

2. The method of claim 1 , wherein validating the user to login to the system further comprises: requesting a login to use the system for a session by the user by entering authenticating parameters or using any other authentication mechanism; verifying the user provided authenticating parameters; and if the authenticating parameters provided by the user are not valid based on the verification, then not generating a unique context number.

3. The method of claim 2 , wherein validating the user comprises: validating the user based on methods selected from the group consisting of verifying the user entered authenticating parameters with stored user information and using an authenticating mechanism supported by the resource operating system.

4. The method of claim 2 , wherein the unique context number comprises a GUID.

5. The method of claim 1 , wherein generating the single unique user security context number comprises: dynamically generating the single unique user security context number while the system is in operation.

6. The method of claim 5 , wherein dynamically generating the single unique user security context number comprises: dynamically generating a unique random number; and optionally encrypting the dynamically generated single unique user security context number for additional security.

7. The method of claim 5 , further comprising: logging off the user from the allowed session upon a request to log off from the system; removing the stored user access control information for this user; and informing all servers of the unregistering of the generated single unique user security context number by notifying the security monitor component of all the servers.

8. The method of claim 7 , further comprising: the central security server storing all the security context of all the logged in users and the servers that are executing at any point of time; and storing the single unique user security context number against the user name and the machine name to allow for user logins to the system from multiple machines.

9. The method of claim 8 , further comprising: unregistering the generated single unique user security context number upon an abnormal shutdown of the server or system in a distributed system, by keeping track of the last activity time of the user; informing all servers of the unregistering of the generated single unique user security context number; and removing stored access control information.

10. The method of claim 1 , further comprising: dynamically generating a single unique user security context number each time a user logs back into the system for another session by re-entering the authenticating parameters.

11. The method of claim 1 , further comprising: security client updating the last activity time of logged in users at regular intervals to security server; security server monitoring inactivity time of the accessed user; comparing the inactivity time to a predetermined inactivity time; and unregistering the generated single unique user security context number, when the inactivity time exceeds the predetermined inactivity time.

12. The method of claim 11 , further comprising: requesting authentication parameters again from the user and generating another single unique user security context number when the user tries to regain access to the system, when the user was logged off due to exceeding the inactivity time.

13. The method of claim 12 , further comprising: passing server authenticating parameters for validation, upon the server coming up in the system; verifying the server by checking the passed server authenticating parameters with server information stored in the database; validating the server based on the outcome of the verifying; generating the single unique server security context number; passing the generated single unique server security context number to the server; storing the generated single unique server security context number in the server; and storing the generated security context in the security server.

14. The method of claim 2 , wherein generating the single unique server security context number comprises: dynamically generating the single unique server security context number; and optionally encrypting the generated single unique server security context number for additional security.

15. The method of claim 1 , further comprising: purging the stored single unique user security context number upon logging off the system by the user: purging the stored single unique server security context number of a server when that server shuts down; and informing all the other servers through the security monitor component to do clean up for this security context.

16. The method of claim 1 , further comprising: requesting to update access control information of a user through a server in the system; notifying all servers to update the access control information for the user, upon receiving the request by sending notification through the security monitor component; and dynamically updating and storing the access control information for the user, upon receiving the notification.